Generation systems and methods for transaction identifiers having biometric keys associated therewith

ABSTRACT

A system for generating transaction settlement identifiers includes an arrangement configured to receive a biometric sample from a customer and an arrangement configured to use the biometric sample to select the transaction settlement identifier from a pool of predetermined transaction settlements. A mapping arrangement configured to map the selected financial transaction settlement identifier to an identifier of the customer also may be included.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 14/318,683, filed on Jun. 29, 2014, entitled “GENERATION SYSTEMS AND METHODS FOR TRANSACTION IDENTIFIERS HAVING BIOMETRIC KEYS ASSOCIATED THEREWITH”, which is a continuation of U.S. patent application Ser. No. 11/623,956, filed on Jan. 17, 2007, entitled “GENERATION SYSTEMS AND METHODS FOR TRANSACTION IDENTIFIERS HAVING BIOMETRIC KEYS ASSOCIATED THEREWITH”, both of which are incorporated by reference in their entirety for any and all purposes.

FIELD OF THE INVENTION

Embodiments of the present invention relate generally to transaction settlement identifier generation systems and methods. More specifically, embodiments of the present invention relate to systems and methods for generating transaction settlement identifiers using biometric features.

BACKGROUND OF THE INVENTION

Fraud in eCommerce transactions has become a significant problem. Credit card issuers have created the “surrogate card number” model in an attempt to address this problem. According to this model, a “one time” credit card number is generated by a credit card issuer and automatically mapped back (by the issuer system) to the original card number during any subsequent authorisation, capture or refund event. The original card number is, therefore, never exposed and in the event the “one time” number is compromised (e.g. a hacker successfully penetrates the merchant's system) the fraud risk is mitigated as the “one time” number is deactivated for further purchase activity once the first authorisation event is processed.

While this model represents a significant improvement in online fraud management and has helped to establish consumer confidence in online commerce, it remains vulnerable to the threat of identity theft (commonly referred to as “phishing”). A variety of sophisticated techniques, including social engineering, are employed by fraudsters to discover consumer information (e.g. User Ids, passwords etc.) to enable them to perform seemingly valid transactions for fraudulent purposes. For example, in the “one time” card model, the fraudster would attempt to discover the consumer's password to enable the fraudster to request a valid “one time” credit card number to purchase goods online and have them shipped to a different address. Customers subsequently repudiate the transaction leaving the issuer in the position of adjudicator with consequential financial loss or reduction in customer satisfaction levels.

In essence the point of attack is starting to shift away from merchant's systems back to the issuer's systems. While the “surrogate card number” model is principally designed to effectively address merchant vulnerabilities, further expansion of the concept is needed to consider issuer side threats and vulnerabilities.

Likewise, fraud is a significant problem in money transfer transactions. Under typical practice, a sender visits an “agent” (i.e., agent of a money transfer system operator, such as Western Union of Englewood, Colorado) location to specify payee details (name, destination country and test question, if applicable) and pay applicable fees and principal amount to be transferred. The agent receipts the transaction details into a money transmission system and receives a Money Transfer Control Number (“MTCN”) that uniquely references the transaction. The agent provides the MTCN to the sender. The sender advises the recipient (Payee) through independent means (e.g. phone call or SMS) of the transfer's availability for collection and the MTCN. The payee visits an agent location, and supplies the MTCN, appropriate identification and correct response to the test question (if applicable). The agent pays out the principal amount on successful completion of verification checks. Some of the foregoing steps may be performed by Internet-based means.

This model is vulnerable to a number of attacks. For example, a paying agent may collude with a fraudster and pay out funds without complying with local verification procedures. An unrelated agent in the paying country may also retrieve the transaction details from the money transfer software using limited search criteria and enable an accomplice to proceed with collection at a separate location in the expected payout country. Or, a number of fraudulently inclined individuals may present themselves simultaneously at different agent locations in the destination country of a transfer and all receive payout before the money transfer system is able to detect the problem.

Hence, a more robust payee authentication method is required at point of payout to secure the process from these attacks.

BRIEF SUMMARY OF THE INVENTION

One embodiment of the invention provides for a transaction settlement identifier generation system. The system may include an arrangement configured to receive a biometric sample from a customer; an arrangement configured to use the biometric sample to select the transaction settlement identifier from a pool of predetermined transaction settlements; and a mapping arrangement configured to map the selected financial transaction settlement identifier to an identifier of the customer. The biometric sample may be a voiceprint, fingerprint, DNA sample, and/or a retinal scan. The transaction settlement identifier may be a one-time use credit card number.

Another embodiment of the invention provides a system for associating a biometric sample with a transaction settlement identifier. The system includes a storage arrangement adapted to store transaction settlement identifiers and keys; an input adapted to receive a biometric sample from a user; and a processor. The processor may be programmed to execute instructions to receive the biometric sample from a user through the input; instructions to use the biometric sample to select a transaction settlement identifier from a pool of predetermined transaction settlement identifiers; and instructions to thereafter use the transaction settlement identifier to settle a transaction. The processor may further have instructions to use the biometric sample to generate a first key; and instructions to store the first key and the transaction settlement identifier as a record. Processor instructions may further generate the first key by a cryptographic hashing of the biometric sample. The transaction settlement identifier may be a credit card number, a charge card number, a one-time use credit card number, a money transfer control number, a transfer authentication number, a transaction identifier, a debit card number, and/or a stored value card number. The biometric sample may be a voiceprint, a fingerprint, a retinal scan, and/or a DNA sample.

The processor may further include instructions to retrieve a second key associated with the transaction settlement identifier from the storage arrangement; and instructions to generate the first key by mathematically combining the first key with a cryptographic hash of the transaction settlement identifier. The processor may include instructions to apply an exclusive disjunction operator on the second key and the cryptographic hash of the transaction settlement identifier. The processor may also include instructions to receive a request from a user for a transaction settlement identifier, wherein the transaction settlement identifier comprises a one-time-use credit card number; instructions to retrieve a one-time-use credit card number from a pool of one-time-use credit card numbers; and instructions to issue the one-time-use credit card number to the customer. The processor may further include instructions to generate a one-time credit-card number.

Another embodiment of the invention may provide for a method for associating a cryptographic hash of a physical sample with a financial identifier. The method may include receiving a first biometric sample from a user; using the biometric sample to select a transaction settlement identifier from a pool of predetermined transaction settlement identifiers; and using the transaction settlement identifier to settle a transaction. The method may also include generating a first key from the biometric sample; and assigning the first key to the transaction settlement identifier. Generating a first key may include retrieving a second key associated with the financial identifier from a database; and mathematically combining the previous key with the hash to create the first. A first key may be generated by applying an exclusive disjunction operation on the previous key and the hash. The method may also include receiving a request from a user for a financial identifier, wherein the financial identifier comprises a one-time-use credit card number; retrieving a one-time-use credit card number from a pool of one-time-use credit card numbers; and issuing the one-time-use credit card number to the customer. A one-time-use credit card number may also be generated.

The transaction settlement identifier may be an account number, a credit card number, a charge card number, a one-time-use credit card number, a money transfer control number, a transfer authentication number, a transaction identifier, a debit card number, and/or a stored value card number. The biometric sample may be a voiceprint, a fingerprint, a retinal scan, and/or a DNA sample.

BRIEF DESCRIPTION OF THE DRAWINGS

A further understanding of the nature and advantages of the present invention may be realized by reference to the remaining portions of the specification and the drawings wherein like reference numerals are used throughout the several drawings to refer to similar components. Further, various components of the same type may be distinguished by following the reference label by a dash and a second label that distinguishes among the similar components. If only the first reference label is used in the specification, the description is applicable to any one of the similar components having the same first reference label irrespective of the second reference label.

FIG. 1A depicts a typical purchase transaction in which a consumer uses a one-time-use credit card to complete a transaction with an online merchant according to one embodiment of the invention.

FIG. 1B depicts a purchase transaction in which a fraudster acquires account details from the consumer leaving the issuer unable to collect the transaction funds from the consumer according to one embodiment of the invention.

FIG. 2 illustrates an exemplary system according to one embodiment of the invention.

FIG. 3A depicts an exemplary method according to one embodiment of the invention.

FIG. 3B depicts an exemplary repudiation process according to one embodiment of the invention.

FIG. 4A depicts an exemplary money transfer system according to one embodiment of the invention.

FIG. 4B depicts a money transfer method according to one embodiment of the invention.

FIG. 5A illustrates an exemplary master pool from which transaction settlement numbers may be selected according to one embodiment of the invention.

FIG. 5B depicts an exemplary method for populating a master pool according to one embodiment of the invention.

FIG. 6A depicts a method of generating an array of one-time-use credit card numbers according to one embodiment of the invention.

FIG. 6B depicts another method of generating a master pool of one-time-use credit card numbers according to one embodiment of the invention.

FIG. 7 depicts a method of generating an individual master pool of one-time-use credit card numbers for each credit card number according to one embodiment of the invention.

FIG. 8 depicts an assignment table according to embodiments of the present invention.

FIG. 9 depicts a method of assigning transaction settlement numbers from the master pool according to embodiments of the present invention.

FIG. 10 depicts a method of confirming the identity of user associated with a transaction settlement identifier according to one embodiment of the invention.

FIG. 11 depicts a method of confirming the identity of payee associated with a MTCN according to one embodiment of the invention.

FIG. 12 depicts a first exemplary method of a recipient-staged money transfer transaction.

FIG. 13 depicts a second exemplary method of a recipient-staged money transfer transaction.

DETAILED DESCRIPTION OF THE INVENTION

Embodiments of the present invention relate to systems and methods for assigning transaction settlement identifiers. In order to provide a context for describing embodiments of the present invention, embodiments of the invention will be described herein with reference to providing transaction settlement identifiers (aka “transaction settlement numbers”) as one-time-use credit card numbers for purchase transactions and/or money transfer control number (MTCNs) for money transfer transactions. Those skilled in the art will appreciate, however, that other embodiments are possible. For example, embodiments of the invention may be used to provide brokerage account purchase and redemption transaction settlement numbers and the like.

The ensuing description provides preferred exemplary embodiment(s) only, and is not intended to limit the scope, applicability or configuration of the invention. Rather, the ensuing description of the preferred exemplary embodiment(s) will provide those skilled in the art with an enabling description for implementing a preferred exemplary embodiment of the invention. It is to be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the invention as set forth in the appended claims.

Specific details are given in the following description to provide a thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, systems may be shown in block diagrams in order not to obscure the embodiments in unnecessary detail. In other instances, well-known processes, structures and techniques may be shown without unnecessary detail in order to avoid obscuring the embodiments.

Also, it is noted that the embodiments may be described as a process which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed, but could have additional steps not included in the figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination corresponds to a return of the function to the calling function or the main function.

Moreover, as disclosed herein, the term “storage medium” may represent one or more devices for storing data, including read only memory (ROM), random access memory (RAM), magnetic RAM, core memory, magnetic disk storage mediums, optical storage mediums, flash memory devices and/or other machine readable mediums for storing information. The term “computer-readable medium” includes, but is not limited to portable or fixed storage devices, optical storage devices, wireless channels and various other mediums capable of storing, containing or carrying instruction(s) and/or data.

Furthermore, embodiments may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages, or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments to perform the necessary tasks may be stored in a machine readable medium such as storage medium. A processor(s) may perform the necessary tasks. A code segment may represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a class, or any combination of instructions, data structures, or program statements. A code segment may be coupled to another code segment or a hardware circuit by passing and/or receiving information, data, arguments, parameters, or memory contents. Information, arguments, parameters, data, etc. may be passed, forwarded, or transmitted via any suitable means including memory sharing, message passing, token passing, network transmission, etc.

According to embodiments of the present invention, a biometric feature of an individual is used to generate a transaction identifier for subsequent use by the individual to complete a transaction. The transaction may be a purchase transaction, a money transfer transaction, or the like. The close association of the transaction identifier to the individual helps to minimize fraud associated with the transaction.

In the case of purchase transactions, a consumer provides a biometric sample to an issuer upon requesting the transaction identifier. The biometric sample may be a sample of any of a variety of biometric features of the consumer. For example, the consumer may provide a fingerprint, a voiceprint, DNA, retinal scan, or the like. Moreover, while embodiments of the present invention are described using a biometric feature of an individual to generate a transaction identifier, other physical identifiers may be used. For example, a PC signature or the keystroke dynamics of the user may be used. In such embodiments, the user may request a transaction identifier using a computer and use the PC signature or their keystroke dynamics to generate a transaction identifier. The PC signature or keystroke dynamics may be initiated locally by the user's computer or remotely through a network. Accordingly, while a biometric sample is used throughout the specification to describe embodiments of the invention, other physical identifiers uniquely identifying a user or user's system may be used to generate a transaction identifier.

The transaction identifier may be a one-time-use transaction identifier, such as a one-time-use credit card number, or the like. The issuer uses the biometric sample, or a function thereof (e.g., a hash), to select the transaction identifier from a large pool of transaction identifiers appropriate for the particular use. The consumer thereafter uses the transaction identifier to complete the transaction. In some cases, a second biometric sample is obtained from the consumer to authorize the transaction. In other cases, a second biometric sample is obtained only if the consumer attempts to repudiate the transaction.

In the case of money transfer transactions, a sender obtains a first transaction number upon depositing funds with a money transfer agent. The sender then provides the first transaction number to the desired recipient. The recipient then provides a biometric sample and the first transaction number to a money transfer system operator to receive a second transaction number (e.g., a MTCN, Money Transfer Control Number). The money transfer agent on the sender side, therefore, does not know the MTCN. The recipient then requests the funds deposited by the sender from a money transfer agent, which may be the same as the money transfer agent on the send side, but is most likely a different money transfer agent. At the time of request, the recipient provides the MTCN and a biometric sample. Only if the biometric sample matches the sample provided by the recipient to the money transfer system operator can the money transfer agent provide the funds. Hence, according to some embodiments, the transfer is protected from fraudulent collusion among money transfer agents since agents do not have access to transfer records using only an MTCN. Moreover, by providing a biometric sample at the time of receipt, a recipient is less able to claim not having received the funds. Further, embodiments of the present invention prevent multiple individuals from simultaneously requesting payment from different money transfer agents and receiving multiple payouts, since, presumably only one individual's biometric will result in transaction approval. Further still, collection of a biometric at the time of payment allows aggregation of transaction amounts for anti-money laundering compliance tracking.

Having described embodiments of the invention generally, attention is directed to FIG. 1A, which depicts a typical purchase transaction 100 in which a consumer uses a one-time-use credit card to complete a transaction with an online merchant. It will be appreciated, however, that, although embodiments of the present invention will be described herein with reference to online transactions using one-time-use credit cards, the present invention is not limited to such embodiments. This purchase transaction 100 begins at block 102 at which point a consumer requests and receives a one-time-use credit card number from an issuer. In doing so, the consumer provides, for example, an account number and password to the issuer. At block 104, the consumer uses the one-time-use credit card number to complete a purchase transaction with an online merchant. At block 106, the merchant obtains authorization for the transaction from the issuer, and the transaction is completed at block 108. Thereafter, the merchant obtains compensation for the transaction from the issuer at block 110, and the issuer obtains compensation from the consumer at block 112.

In the typical purchase transaction 100 of FIG. 1A, everything goes according to plan. FIG. 1B, however, depicts a purchase transaction 130 in which a fraudster acquires account details from the consumer leaving the issuer unable to collect the transaction funds from the consumer. The transaction 130 begins at block 132, at which point the fraudster obtains the consumer's account password. The fraudster then uses the password to obtain a one-time-use credit card number from the issuer (134) and complete a transaction with a merchant (136). Because the number appears to have been obtained by the consumer, the transaction is authorized (138) and completed (140). The merchant is able to obtain compensation from the issuer (142), but when the issuer attempts to obtain compensation from the consumer (144), the consumer is able to successfully repudiate the transaction (146). Hence, the issuer is penalized because of the consumer's failure to protect his password. Of course, the consumer may fraudulently repudiate the transaction, and the issuer has no ability to challenge him. Embodiments of the present invention provide a solution to this situation.

Attention is directed to FIG. 2, which illustrates an exemplary system 200 according to embodiments of the invention. Those skilled in the art will appreciate that the system 200 is merely exemplary of a number of possible system embodiments. The system includes a computer 202 associated with a consumer. The computer 202 may be any of a variety of well-known computing devices such as, for example, a personal computer, a laptop computer, a personal digital assistant (PDA), a “Smart Phone,” or the like. The consumer uses the computer 202 to communicate via a network 204 with a computer 206 associated with an issuer and/or an online merchant 208. The network 204 may be, for example, the Internet, but other embodiments are possible. The computer 206 associated with the issuer may be a host computer system that includes a mainframe computer, a collection of servers, and/or the like. The computer 206 has at least one associated data storage arrangement 210, which may be any of a variety of well-known data storage arrangements. The computer 206 is programmed to perform the exemplary method embodiments disclosed herein.

The online merchant 208 may communicate with the issuer computer 204 via the network 204 or through a different network 212, which may be, for example, a credit card transaction processing network. The online merchant 208 communicates with the issuer to obtain authorization for credit card transactions.

According to some embodiments, the consumer obtains a one-time-use credit card by communicating with the issuer via the Internet. This assumes that the consumer is able to provide a biometric sample via the Internet. In other embodiments, the consumer may use a telephone 214 to contact the issuer via the PSTN (public switched telephone network) 216 or Internet using, for example VOIP (Voice Over Internet Protocol), to thereby provide a voiceprint. Those skilled in the art will appreciate, in light of the disclosure herein, a number of additional embodiments through which a consumer may provide a biometric sample to the issuer.

Having described an exemplary system 200, attention is directed to FIG. 3A, which depicts an exemplary method 300 according to embodiments of the invention. The method 300 may be implemented in the system 200 of FIG. 2 or other appropriate system. The method 300 begins at block 302 at which point a consumer requests a one-time-use credit card number from an issuer. The issuer obtains a biometric sample from the consumer at block 304 and uses the biometric sample to assign a one-time-use credit card to the consumer from a large pool of suitable one-time-use credit card numbers at block 306. Thereafter, the consumer provides the one-time-use credit card number to a merchant at block 308 in the process of completing a purchase transaction. The merchant obtains authorization for the transaction from the issuer at block 310, and the transaction is completed at block 312. The merchant thereafter obtains compensation from the issuer for the transaction at block 314, and the issuer obtains compensation from the consumer at block 316.

The method 300 depicts the typical case in which the consumer does not attempt to repudiate the transaction. FIG. 3B depicts what happens if the consumer attempts to repudiate the transaction.

Attention is directed to FIG. 3B, which depicts an exemplary repudiation process 320. At block 322, the consumer disputes the transaction. At block 324, the issuer obtains a biometric sample from the consumer. The issuer also retrieves the biometric sample used to assign the one-time-use credit card to the consumer at block 326. The issuer is then able to compare the two samples, and the consumer's ability to repudiate the transaction depends on the comparison. This is indicated by block 328.

Hence, according to embodiments of the invention, a consumer is less able to repudiate a transaction, due to the tight coupling between the consumer, using the biometric, and the issuance of the one-time-use number. Of course, the consumer could also claim that the one-time-use number was pilfered after issuance, but other controls may be used to limit such possibility. For example, a consumer may protect himself by requesting the number close in time to the planned usage. The issuer may protect itself by limiting the validity duration of the number to only a few minutes, a few hours, or a few days. The one-time-use nature of the number provides further protection for both the consumer and the issuer by preventing multiple uses of the number. Even further protection may be provided if the merchant takes a biometric sample from the consumer at the time of the purchase transaction. The merchant would then provide the sample to the issuer as part of the authorization process.
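The issuance, authorization and repudiation flow of FIGS. 3A and 3B, together with the validity-duration and single-use controls just described, can be sketched as follows. This is an added illustration, not code from the specification; it assumes the biometric sample has already been reduced to a canonical byte template (so equal samples hash equally), that the stored key is a SHA-256 hash of that template, and that selection is the hash reduced modulo the pool size with probing past assigned numbers. The class, function and status names and the sample pool are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Issuance:
    number: str           # one-time-use number handed to the consumer
    biometric_key: bytes  # hash of the sample supplied at issuance
    issued_at: int        # issuance time in seconds
    used: bool = False    # set by the first successful authorization


def key_from_sample(template: bytes) -> bytes:
    # Assumption: `template` is a canonical encoding of the biometric.
    # Raw captures vary between readings and would need a matcher instead.
    return hashlib.sha256(template).digest()


class Issuer:
    def __init__(self, pool, validity_seconds):
        self.pool = list(pool)
        self.validity = validity_seconds
        self.assigned = {}  # number -> Issuance

    def issue(self, template, now):
        """Blocks 302-306: select a number from the pool using the sample."""
        key = key_from_sample(template)
        start = int.from_bytes(key, "big") % len(self.pool)
        for step in range(len(self.pool)):
            number = self.pool[(start + step) % len(self.pool)]
            if number not in self.assigned:
                self.assigned[number] = Issuance(number, key, now)
                return number
        raise RuntimeError("pool exhausted")

    def authorize(self, number, now):
        """Block 310, with the validity window and single-use controls."""
        record = self.assigned.get(number)
        if record is None:
            return "declined: unknown number"
        if record.used:
            return "declined: already used"
        if now - record.issued_at > self.validity:
            return "declined: expired"
        record.used = True
        return "approved"

    def dispute(self, number, fresh_template):
        """Blocks 322-328: compare a fresh sample with the issuance sample."""
        record = self.assigned.get(number)
        if record is None:
            return "no issuance record"
        fresh_key = key_from_sample(fresh_template)
        # Constant-time comparison of the two keys.
        if hmac.compare_digest(fresh_key, record.biometric_key):
            return "repudiation rejected"
        return "repudiation upheld"


# Constructed sample pool: 16-digit numbers under a placeholder prefix.
SAMPLE_POOL = [f"999999{i:010d}" for i in range(50)]


def demo():
    issuer = Issuer(SAMPLE_POOL, validity_seconds=600)
    number = issuer.issue(b"constructed-template-consumer", now=1_000)
    return [
        issuer.authorize(number, now=1_060),
        issuer.authorize(number, now=1_120),
        issuer.dispute(number, b"constructed-template-consumer"),
        issuer.dispute(number, b"constructed-template-someone-else"),
    ]


if __name__ == "__main__":
    print(demo())
```

In the FIG. 1B scenario the sample on record would be the fraudster's, so the consumer's fresh sample fails the comparison and the dispute is upheld.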

Those skilled in the art will appreciate a number of modifications and additional advantages to embodiments of the present invention in light of the disclosure herein. Moreover, in light of the disclosure herein, those skilled in the art will appreciate how the concepts disclosed herein may be applied to other types of transactions. For example, FIGS. 4A and 4B depict an exemplary system 400 and exemplary method 430 for performing money transfer transactions according to embodiments of the present invention.

Attention is directed to FIG. 4A, which depicts an exemplary money transfer system 400 according to embodiments of the invention. The system 400 includes a sender agent location 402, at which a sender may deposit funds for receipt by a recipient. The sender location 402 may be a computer of the sender or may be a physical agent location (e.g., money transfer office, store, etc.) equipped to initiate money transfer transactions. The sender agent location communicates, via a network 404, with a money transfer system operator 406 to thereby receive a transaction identifier. Typically, a sender might receive a MTCN (Money Transfer Control Number) at this point, but that is not the case here. The sender receives a transaction identifier that cannot be used to obtain the funds like an MTCN could. The transaction identifier is stored at a storage arrangement 407 associated with the money transfer system operator.

The system 400 also includes a telephone 408 associated with a recipient and the PSTN (public switched telephone network) 410 through which the recipient may communicate with the money transfer system operator 406. The recipient, having received the transaction identifier from the sender, is able to provide the transaction identifier and a biometric sample to thereby obtain the MTCN. Those skilled in the art will appreciate many additional means through which the recipient may provide a biometric sample to and obtain a MTCN from the money transfer system operator.

The system also includes a recipient agent location 412 at which the sender may request payment. The sender agent location 412 is able to obtain a biometric sample from the recipient, communicate the biometric sample, along with the MTCN, to the money transfer system operator 406, and receive authorization to pay the recipient. The recipient is paid only if the biometric the recipient provides matches the biometric supplied to obtain the MTCN.

Having described the money transfer system 400, attention is directed to FIG. 4B, which depicts a money transfer method 430 according to embodiments of the invention. The method 430 may be implemented in the system 400 of FIG. 4A or other appropriate system. The method 430 begins at block 432, at which location a sender deposits funds with a money transfer agent and obtains a transaction number. The transaction number is provided by the money transfer system operator. The sender provides the transaction number to the designated recipient at block 434. The recipient contacts the money transfer system operator at block 436 and supplies the transaction identifier and a biometric sample to thereby receive the MTCN. The MTCN is generated by the money transfer system operator according to the embodiments of the invention.

At block 438, the recipient requests payment from a money transfer agent. The agent collects the MTCN and a biometric sample from the recipient at block 440 and supplies them to the operator at block 442 as part of an authorization request. The operator uses the MTCN to locate the biometric sample provided to obtain the MTCN and authorizes the agent to pay the recipient only if the samples match, which takes place at block 444.

Those skilled in the art will appreciate that the aforementioned embodiments are merely exemplary. Moreover, it will be appreciated that any of a variety of methods may be employed to generate one-time-use credit card numbers, MTCNs, and the like from a biometric sample. In many embodiments, the one-time-use credit card number or MTCN is selected from a large pool of appropriately selected numbers using the biometric sample or a function of a biometric sample, but this is not required. The ensuing description, however, provides exemplary methods for generating a master pool, selecting numbers from the pool, and authorizing transactions using numbers selected from the pool.

Attention is directed to FIG. 5A, which illustrates an exemplary master pool 500 from which transaction settlement numbers may be selected. The transaction settlement numbers may be one-time-use credit card numbers, as in this example, or may be MTCNs, or the like in other embodiments. The master pool 500 includes a “record number” field, a “one-time CC#” field, and an “assignment table pointer” field. The record number field, in this exemplary embodiment, is numbered consecutively throughout the records in the pool, and the pool includes a sufficient number of records to satisfy expected demand for the transaction settlement numbers. The one-time CC# field includes a unique transaction settlement number in each record, and the field of each record is populated randomly as will be described with reference to FIG. 5B. The assignment table pointer field of each record maintains a pointer to a record in an assignment table. The assignment table will be described below with reference to FIG. 8. When a transaction settlement number is assigned, the assignment table pointer field is populated as will be described below with reference to FIG. 9.

FIG. 5B depicts an exemplary method 530 for populating a master pool. At block 532, an array of conforming numbers is generated. The numbers conform to the appropriate specification for which the transaction settlement numbers will be used. For example, in this embodiment, the transaction settlement numbers are one-time-use credit card numbers, and the numbers are sixteen digits long and include no letters. The numbers are in appropriate ranges (e.g., BIN ranges) to thereby prevent duplication with typical credit cards. In other examples, the transaction settlement numbers may be MTCNs, which would be appropriately formatted according to the desired specifications for MTCNs. Many such examples are possible.

At block 534, a first transaction settlement number is randomly selected from the array. At block 536, a determination is made whether the transaction settlement number has already been selected. If it has, another transaction settlement number is randomly selected at block 534. If the selected number has not been selected yet, the number is inserted into the master pool at block 538. The process continues, consecutively populating records of the master pool with transaction settlement numbers, until the master pool is fully populated with random selections of transaction settlement numbers from the array. Those skilled in the art will appreciate that this is but one exemplary method for populating an exemplary master pool.

FIG. 6A depicts another method 600 for generating an array of one-time-use credit card numbers. In this embodiment, an array of one-time-use credit card numbers is generated. This array is used to assign one-time-use credit card numbers to a user and/or a master pool. At block 610 a one-time-use credit card number is created, which, according to specific embodiments, conforms to appropriate formats and/or standards for which the number will be used (e.g., credit card number, MTCN, etc.). The one-time-use credit card number is adjusted to comply with format and content specifications developed by the industry at block 615. The one-time-use credit card number is then stored in a one-time-use credit card number array at block 620 whereupon the system returns to block 610. Other means for storing the one-time-use credit card number may be used, such as a linked list, a generic file, a text file, etc.

FIG. 6B depicts a method 650 of generating a master pool of one-time-use credit card numbers according to one embodiment of the invention. At block 625 the record number is initiated and set to 1. A one-time-use credit card number is selected from a one-time-use credit card number array at block 630. The array may be the array generated at block 620 of FIG. 6A. This number may be selected randomly, incrementally or systematically. Furthermore, the system may also select the one-time-use credit card number from any other storage location. Once the number is selected, the system, at block 635, determines if it is currently in use or not. If it is currently in use, then the system returns to block 630 and another one-time-use credit card number is selected. The one-time-use credit card number may also be deleted from the one-time-use credit card number array. If the one-time-use credit card number is not in use, the one-time-use credit card number is inserted into the master pool 650 at block 640 at the location associated with the record number. The record number is incremented at block 645 and the system selects another number from the one-time-use credit card number array at block 630 whereupon the system is repeated.

FIG. 7 depicts a method 700 of generating an individual master pool of one-time-use credit card numbers for each credit card according to one embodiment of the present invention. While this embodiment generates and stores one-time-use credit card numbers in a pool, the method may be used for any type of transaction settlement number. According to this embodiment, each credit card number has an associated pool of one-time-use credit card numbers 730. Each one-time-use credit card number pool 730 may be a fixed size or the size may be adjusted dynamically according to the number of one-time-use credit card numbers used or required by the user.

A credit card number is selected at block 710 for populating the one-time-use credit card number pool 730 associated with the credit card number. A one-time-use credit card number is randomly generated at block 715. Generation of the one-time-use credit card number may also include steps to ensure the one-time-use credit card number complies with industry specifications. At block 720, the method determines if the one-time-use credit card number generated at block 715 is unique; if it is not unique, the method returns to block 715. The system may determine if the one-time-use credit card number is unique by referring to a list or array of issued credit card numbers, unissued credit card numbers or the like. If the one-time-use credit card number is unique, the method moves to block 725. At block 725, the one-time-use credit card number pool record number is incremented. At block 735, the system determines if the one-time-use credit card number pool is full. If the pool is full, the system returns to block 710, where another credit card number is selected. In alternative embodiments, the size of the one-time-use credit card number pool 730 may be increased and the system moves along to block 740. In other embodiments, more than one one-time-use credit card number pool may be associated with the credit card number. At block 740, the randomly produced one-time-use credit card number is entered into the one-time-use credit card number pool and the system returns to block 715.

Attention is directed to FIG. 8, which depicts an assignment table 800 according to embodiments of the present invention. The assignment table 800 maps starting numbers to transaction settlement numbers in the master pool 500. The starting numbers may be, for example, a consumer's credit card account number, as in this example, a transaction identifier provided to a sender in a money transfer transaction, or the like. The assignment table 800 includes a “key” field, a “record number” field, a “real CC#” field, a “usage conditions” field, a “previous pointer” field, and a “next pointer” field.

The key field provides an index to the assignment table. According to embodiments of the invention, the key field is based on a biometric sample as will be described in greater detail with respect to FIG. 9. The record number field identifies a record in the master pool. The “real CC#” field stores the starting number from which the transaction settlement number is generated. In other exemplary embodiments, the real CC# field may be, for example, the transaction identifier provided to the sender in a money transfer transaction. The usage conditions field may include any of a variety of usage conditions associated with the transaction settlement number. For example, the usage conditions field may identify a limited number of merchants at which the transaction settlement number may be used. It may include an expiration time and/or date for the number, and/or the like. Those skilled in the art will appreciate a number of additional conditions that may be included in the usage number field. The previous and next pointers identify previous and next assignment table records in a daisy chain of records assigned to a common consumer, customer, recipient, or the like, as will be described in greater detail with respect to FIG. 9.

The assignment table 800, unlike the master pool 500, is not fully populated initially. Additional records are added as transaction settlement numbers are requested and assigned by the issuer. A “last record assigned” pointer is used in the process of assigning transaction settlement numbers as will be described with respect to FIG. 9.

Attention is directed to FIG. 9, which depicts a method 900 of assigning transaction settlement numbers from the master pool according to embodiments of the present invention. At block 902, a request for a transaction settlement number is received from a customer. In this embodiment, the request is for a one-time-use credit card number and the request is received by an issuer. In other embodiments, the request may be for a MTCN and be received by a money transfer system operator. The request includes a biometric sample (e.g., a voiceprint) from the customer. The request also identifies the customer's credit card account. For example, the customer may have used a USER ID and password to access an account electronically, and the account includes a feature that allows the customer to request a one-time-use credit card number.

At block 904, the issuer creates a hash of the biometric sample, thereby producing #V. In this embodiment, the hashing algorithm produces a #V that is repeatable for different biometric samples of the same individual. In other embodiments, a function other than hashing may be used to produce #V. In other embodiments, the function may not produce a #V that is repeatable for different biometric samples of the same individual.

At block 906, #V is used to search the assignment table. At block 908, a determination is made whether #V has been used previously as an assignment table key. If not, the process continues at block 910. If so, the process continues at block 918 as will be described below.

At block 910, #V is populated into the key field of a new assignment table record. At block 912, the “last record assigned” pointer is incremented to point to the next, unassigned, record in the master pool. At block 914, the record # of the indicated record of the master pool is populated into the record # field of the new record of the assignment table. The customer's real credit card account number is populated into the real CC# field of the new assignment record, the key of the new assignment record is populated into the assignment pointer field of the current master pool record, and any usage conditions are populated into the usage conditions field of the assignment record. The next and previous pointers of the new assignment record are populated appropriately as will be described in greater detail hereinafter.

At block 916, the transaction settlement number is returned to the customer. The customer may thereafter use the transaction settlement number in an appropriate transaction.

Returning to block 910, if #V has been used previously (i.e., a record in the assignment table has the value #V as a key), blocks 912 and 914 are traversed repeatedly until the last assignment table record in the chain is located. Locating the last record in the chain, however, requires knowing how subsequent keys are assigned.

Each time a customer requests a transaction settlement number (e.g., a one-time-use credit card number), a new key is created. The first key is #V. The second key is #V XOR the first transaction settlement number assigned to the customer. The third key is the second key XOR the second transaction settlement number assigned to the customer, and so on. Hence, each new key incorporates together the customer's biometric and each previously assigned transaction settlement number.

Returning to the discussion of FIG. 9, if a record in the assignment table is located using #V, then the master pool record stored in the assignment table is used to locate the previously assigned transaction settlement number. The next key is then created by performing an XOR function of #V and the previously assigned transaction settlement number. This key is used to search the assignment table, and if a record is located, the next key in the sequence is created and the table is searched again. This process continues until a search of the assignment table does not return a record. The current key then becomes the key of the new record in the assignment table created at block 922.

It should now be apparent to those skilled in the art that the next and previous pointer fields may be, at block 914, populated to assist with searches of the assignment table. This will be particularly useful during authorization and dispute resolution processes as will be described in greater detail hereinafter with reference to FIGS. 10 and 11.

FIG. 10 shows a method 1000 for confirming the identity of a user by comparing a received biometric sample and the stored sample to detect fraudulent transactions according to one embodiment of the invention. The method 1000 shown may be used for any type of transaction settlement identifier, such as, for example, one-time-use credit card numbers and/or MTCNs. In light of the embodiment described in the figure, those skilled in the art will recognize other embodiments well within the scope of the invention.

At block 1010, a user contacts the issuer to dispute a transaction they consider to be fraudulent. The user's identity may need confirmation because the user may deny requesting and having been issued a one-time-use credit card number and, therefore, deny making a transaction with the one-time-use credit card number. The user may also wish to confirm their identity in order to receive a payout.

At block 1015, the issuer receives the transaction settlement number from the user as well as a biometric sample at block 1020. After receiving the biometric feature, the issuer creates a hash (#H) of the biometric sample at block 1025 using a hashing algorithm as discussed above. The issuer may then retrieve the record associated with the transaction settlement number at block 1030, for example, from the assignment table.

The record retrieved at block 1030 may contain the transaction settlement number and a unique key. The record may also contain previous and next pointers. The previous and next pointers link the records for a particular user in a chain-like fashion. As described above, the key associated with each transaction settlement number may be a mathematical combination of the previous key and the previous transaction settlement number. The first key associated with a user is the hash of the biometric sample. Thus, at block 1035, the method determines whether this record associated with the transaction settlement number is the first record in the chain. If the previous pointer is NULL, then the record is the first record in the chain. If it is not the first record, the method retrieves the previous record at block 1040. If the previous pointer equals NULL, then the record is the first record. Between blocks 1035 and 1040, the method traverses the chain of records to find the first record. Once the first record is found, the stored hash of the biometric sample (#V) is the key associated with the first record. At block 1045, the method determines whether the received biometric sample hash (#H) equals the stored hash of the stored biometric sample (#V). If the two hashed samples match, the identity of the user is confirmed at block 1050. If the two hashed samples do not match, the identity of the user is not confirmed.

The method 1000, for example, may be applicable in a system generating one-time-use credit card numbers, where a one-time-use credit card number is the transaction settlement number. In such systems, a user receives a one-time-use credit card number upon receipt of a biometric sample. If a user claims that they did not request a one-time-use credit card number, the biometric sample received from the user and stored when the one-time-use credit card number was issued may be used to either confirm or deny the user's claim. For example, the user contacts the issuer at block 1010, the credit card number is received 1015, and a biometric sample is received 1020. The stored biometric sample used when the one-time-use credit card number was issued is retrieved in blocks 1030, 1035 and 1040 and the chain of records may be traversed. The biometric samples are compared. If the hash of the biometric sample received when the one-time-use credit card number was issued matches the hash of the biometric sample received at block 1020, then the user's claim is denied, because the one-time-use credit card number was issued to the user and not a fraudster. Otherwise, if there is no match, the user may have a genuine fraud claim, whereupon the issuers may initiate procedures to address the fraudulent activity.
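The pool population of FIG. 5B, the key chaining of FIG. 9 and the chain walk of FIG. 10 can be followed end to end in the sketch below, which is an added example and not code from the patent. It assumes the biometric has already been reduced to a stable template so that SHA-256 of it is repeatable; the `999999` prefix is a constructed placeholder range, and all function, class and field names are hypothetical.

```python
import hashlib
import hmac
import secrets

PLACEHOLDER_PREFIX = "999999"  # constructed stand-in for an issuer BIN range


def populate_master_pool(size):
    """FIG. 5B: fill consecutive records with unique, randomly drawn numbers."""
    pool, seen = [], set()
    while len(pool) < size:
        tail = "".join(secrets.choice("0123456789") for _ in range(10))
        number = PLACEHOLDER_PREFIX + tail       # sixteen digits, no letters
        if number in seen:                       # block 536: drawn before, redraw
            continue
        seen.add(number)
        pool.append({"number": number, "assignment_key": None})
    return pool


def biometric_hash(template):
    """#V. Assumes `template` is a stable, already-normalised feature encoding."""
    return int.from_bytes(hashlib.sha256(template).digest(), "big")


class Issuer:
    def __init__(self, pool):
        self.pool = pool
        self.last_assigned = -1      # "last record assigned" pointer
        self.table = {}              # assignment table, indexed by key

    def assign(self, template, real_cc, usage=None):
        """FIG. 9: issue the next pool number under the next key in the chain."""
        if self.last_assigned + 1 >= len(self.pool):
            raise RuntimeError("master pool exhausted")
        key, prev = biometric_hash(template), None
        while key in self.table:     # key already used: derive its successor
            prev = key
            key ^= int(self.pool[self.table[key]["record"]]["number"])
        self.last_assigned += 1
        record = self.last_assigned
        self.table[key] = {"record": record, "real_cc": real_cc,
                           "usage": usage, "prev": prev, "next": None}
        if prev is not None:
            self.table[prev]["next"] = key
        self.pool[record]["assignment_key"] = key
        return self.pool[record]["number"]

    def confirm_identity(self, number, template):
        """FIG. 10: walk back to the first record and compare #H with #V."""
        entry = next((r for r in self.pool if r["number"] == number), None)
        if entry is None or entry["assignment_key"] is None:
            return False             # unknown or never-issued number
        key = entry["assignment_key"]
        while self.table[key]["prev"] is not None:
            key = self.table[key]["prev"]
        stored = key.to_bytes(32, "big")                          # #V
        received = biometric_hash(template).to_bytes(32, "big")   # #H
        return hmac.compare_digest(stored, received)
```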

FIG. 11 shows a method 1100 for confirming the identity of a user in a money transfer transaction according to one embodiment of the invention. In such transactions, in order to avoid fraudsters, a payout may only be received by first confirming the identity of the payee. Blocks 1110, 1115, 1120, 1125, 1130, 1135, 1140 and 1145 are similar to blocks 1010, 1015, 1020, 1025, 1030, 1035, 1040 and 1045 of FIG. 10, except in this method 1100 the transaction settlement identifier is a MTCN. At block 1145, if the hash of the received biometric sample does not match the hash of the stored biometric sample, then the payout is denied. If the two hashes match, then the method determines whether the aggregate payout to the user is greater than some predetermined threshold at block 1160. Legally, money transfers greater than a certain amount must meet certain compliance requirements to deter money laundering. The aggregate payout may be determined by moving through the daisy chain of records and summing the payout of all transactions. If the aggregate payout is greater than the threshold, then compliance requirements must be satisfied at block 1165 before payout occurs at block 1151. Those skilled in the art will recognize how to implement various compliance procedures. If the aggregate payout is not greater than the threshold, then payout at block 1151 may occur.

Attention is directed to FIGS. 12 and 13, which depict exemplary embodiments of recipient-staged money transfer transactions. In these embodiments, a recipient “stages” a transaction by providing a biometric sample and receiving a transaction control number. The recipient also may provide other transaction details, but this is not necessary. The recipient provides the transaction control number to a sender, who then deposits funds using the transaction control number. The funds can then be released only upon the recipient providing a confirming biometric sample. The embodiments 1200 and 1300 provide two different ways in which this can be accomplished.

According to the embodiment 1200 of FIG. 12, a recipient stages a transaction at block 1210. This includes providing a biometric sample. The recipient may stage the transaction using a phone and providing a voice sample, visiting a money transfer location and providing another type of biometric sample, or using any of a variety of other ways apparent to those skilled in the art in light of this disclosure. The sample or a derivative thereof is stored in a transaction record, and the recipient is provided with a transaction control number at block 1212, which the recipient provides to a sender at block 1214.

At block 1216, the sender deposits funds and provides any additional details necessary to create the transaction. The transaction record established by the recipient is accessed using the transaction control number provided to the sender by the recipient. At this point, the ability to receive the funds is closely tied to the recipient via the biometric sample. The blocks 1210, 1212, 1214, and 1216 are substantially similar to the corresponding blocks 1310, 1312, 1314, and 1316 of the embodiment 1300 of FIG. 13.

The recipient can now receive the funds in any of several ways. According to the embodiment 1200 of FIG. 12, the recipient requests funds at a money transfer location and provides a biometric sample at block 1218. A determination is made at block 1220 whether the sample matches the sample provided at the time the transaction was staged. If it does not, then payout is denied at block 1222. If the sample matches, the payout is made at block 1224.

According to the exemplary embodiment 1300 of FIG. 13, a recipient is able to receive the funds electronically or at a money transfer location that is not equipped to take a biometric sample. At block 1318, the recipient requests a MTCN by providing a biometric sample. The recipient can request the biometric sample by, for example, phoning the money transfer system operator. At block 1320, a decision is made whether the sample matches the sample obtained at the time the transaction was staged. If it does not, the MTCN is not provided to the recipient, as indicated by block 1322. If, however, the samples match, a MTCN is provided to the recipient at block 1324.

Thereafter, the recipient may use the MTCN to access the funds in any of a variety of ways, including by visiting a money transfer location, accessing an account electronically, and the like, as is apparent to those skilled in the art in light of this disclosure.

Having described several embodiments, it will be recognized by those of skill in the art that various modifications, alternative constructions, and equivalents may be used without departing from the spirit and scope of the invention. Additionally, a number of well-known processes and elements have not been described in order to avoid unnecessarily obscuring the present invention. For example, those skilled in the art know how MTCNs are used in money transfer transactions and how one-time-use credit card purchase transactions are settled. Moreover, those skilled in the art will appreciate that the concepts discussed herein may be directed toward other types of transactions. Accordingly, the above description should not be taken as limiting the scope of the invention, which is defined in the following claims.

1. (canceled)
2. A one-time credit card number generation system, comprising: an input device configured to receive a biometric sample from a customer; a processing device configured to use the biometric sample to select a one-time credit card number from a pool of predetermined one-time credit card numbers; and a mapping device configured to map the selected one-time credit card number to an identifier of the customer.
3. The one-time credit card number generation system of claim 2, wherein the input device configured to receive the biometric sample comprises a fingerprint scanner.
4. The one-time credit card number generation system of claim 2, wherein the processing device configured to use the biometric sample comprises a retinal scanner.
5. The one-time credit card number generation system of claim 2, wherein the biometric sample comprises a selection from the group consisting of voiceprint, fingerprint, DNA sample, and retinal scan.
6. A system for associating a biometric sample with a one-time credit card number comprising: a storage device configured to store one-time credit card number and keys; an input device configured to receive a biometric sample from a user; and a computer processor in communication with the storage device and the input device, wherein the computer processor is configured to execute sets of instruction which cause the computer processor to: receive the biometric sample from a user through the input; use the biometric sample to select a one-time credit card number from a pool of predetermined one-time credit card number; and use the one-time credit card number to settle a transaction.
7. The system of claim 6, wherein the sets of instructions to use the biometric sample to select a one-time credit card number from a pool of predetermined one-time credit card numbers further cause the computer processor to: use the biometric sample to generate a first key; and store the first key and the one-time credit card number as a record.
8. The system of claim 7, wherein the sets of instructions to use the biometric sample to generate a first key further cause the computer processor to: generate the first key by a cryptographic hashing of the biometric sample.
9. The system of claim 6, wherein the biometric sample comprises a selection from the group consisting of: a voiceprint, a fingerprint, a retinal scan, and a DNA sample.
10. The system of claim 7, wherein the sets of instructions to use the biometric sample to generate a first key further cause the computer processor to: retrieve a second key associated with the one-time credit card number from the storage arrangement; and generate the first key by mathematically combining the first key with a cryptographic hash of the one-time credit card number.
11. The system of claim 10, wherein the instructions to generate the first key by mathematically combining the first key with a cryptographic hash of the one-time credit card number further comprise instructions to apply an exclusive disjunction operator on the second key and the cryptographic hash of the one-time credit card number.
12. The system of claim 6, wherein the sets of instructions further cause the computer processor to: issue the one-time-use credit card number to the customer.
13. The system of claim 6 wherein the sets of instructions further cause the computer processor to: generate a one-time credit-card number.
14. A method for associating a cryptographic hash of a physical sample with a financial identifier, the method comprising: receiving a first biometric sample from a user; using the biometric sample to select a one-time credit card number from a pool of predetermined one-time credit card numbers; and using the one-time credit card number to settle a transaction.
15. The method of claim 14, wherein the biometric sample comprises a selection from the group consisting of: a voiceprint, a fingerprint, a retinal scan, and a DNA sample.
16. The method of claim 14, wherein selecting a one-time credit card number from a pool of one-time credit card numbers comprises: generating a first key from the biometric sample; and assigning the first key to the one-time credit card number.
17. The method of claim 16, wherein the generating a first key comprises: retrieving a second key associated with the financial identifier from a database; and mathematically combining the previous key with the hash to create the first key.
18. The method of claim 17, wherein mathematically combining the previous key with the hash to create the first key, further comprises applying an exclusive disjunction operation on the hash of the biometric feature and the previously generated key.
19. The method of claim 14, further comprising: issuing the one-time-use credit card number to the customer.
20. The method of claim 14, further comprising generating a one-time credit-card number.